Chiebot-Mirror
/
c-ares
mirror of https://github.com/c-ares/c-ares.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Brad House's validation that DNS response address matches the request address

Browse Source
pull/1/head
Yang Tse 17 years ago
parent a5b66d3293
commit 09d10cb5c5
3 changed files with 28 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      CHANGES
  2. 1
      RELEASE-NOTES
  3. 16
      ares_process.c

12
CHANGES
Unescape View File

@ -1,5 +1,17 @@
Changelog for the c-ares project
* Aug 25 2008 (Yang Tse)
- Improvement by Brad House:
This patch addresses an issue in which a response could be sent back to the
source port of a client from a different address than the request was made to.
This is one form of a DNS cache poisoning attack.
The patch simply uses recvfrom() rather than recv() and validates that the
address returned from recvfrom() matches the address of the server we have
connected to. Only necessary on UDP sockets as they are connection-less, TCP
is unaffected.
* Aug 4 2008 (Daniel Stenberg)
- Fix by Tofu Linden:

1
RELEASE-NOTES
Unescape View File

@ -9,6 +9,7 @@ This is what's new and changed in the c-ares 1.5.3 release:
o library will now be built with _REENTRANT symbol defined if needed
o Improved configure detection of number of arguments for getservbyport_r
o Improved query-ID randomness
o Validate that DNS response address matches the request address
Thanks go to these friendly people for their efforts and contributions:

16
ares_process.c
Unescape View File

@ -429,6 +429,8 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
int i;
ssize_t count;
unsigned char buf[PACKETSZ + 1];
struct sockaddr_in from;
socklen_t fromlen;
if(!read_fds && (read_fd == ARES_SOCKET_BAD))
/* no possible action */
@ -462,11 +464,23 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
/* To reduce event loop overhead, read and process as many
* packets as we can. */
do {
count = sread(server->udp_socket, buf, sizeof(buf));
/* Must memset 'from' to 0 as recvfrom() on some systems may
* not use 'from' at all if it doesn't support receiving the
* source address of the response */
memset(&from, 0, sizeof(from));
fromlen = sizeof(from);
count = (ssize_t)recvfrom(server->udp_socket, (void *)buf, sizeof(buf),
0, (struct sockaddr *)&from, &fromlen);
if (count == -1 && try_again(SOCKERRNO))
continue;
else if (count <= 0)
handle_error(channel, i, now);
else if (fromlen && from.sin_addr.s_addr != 0 &&
from.sin_addr.s_addr != server->addr.s_addr)
/* Address response came from did not match the address
* we sent the request to. Someone may be attempting
* to perform a cache poisoning attack */
break;
else
process_answer(channel, buf, (int)count, i, 0, now);
} while (count > 0);

Write Preview
Loading…
Cancel
Save